Right, and I’m saying that a lot of updates are mundane and easy for anyone to read. And if they aren’t mundane then look into it. Try to learn. The alternative is to run code you don’t understand and hope for the best which didn’t work out for people here. So if you don’t want to try to learn, and you don’t want to blind trust, then the alternative is to not use the AUR.
Like one of the attack vectors was adding a “post install” step that was a bunch of obsfucated gibberish which should’ve been a red flag for anyone, technical acumen or not
Right, and I’m saying that a lot of updates are mundane and easy for anyone to read. And if they aren’t mundane then look into it. Try to learn. The alternative is to run code you don’t understand and hope for the best which didn’t work out for people here. So if you don’t want to try to learn, and you don’t want to blind trust, then the alternative is to not use the AUR.
Like one of the attack vectors was adding a “post install” step that was a bunch of obsfucated gibberish which should’ve been a red flag for anyone, technical acumen or not